com.pulumi.azure.cdn.kotlin.FrontdoorFirewallPolicyArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-azure-kotlin Show documentation
Show all versions of pulumi-azure-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.azure.cdn.kotlin
import com.pulumi.azure.cdn.FrontdoorFirewallPolicyArgs.builder
import com.pulumi.azure.cdn.kotlin.inputs.FrontdoorFirewallPolicyCustomRuleArgs
import com.pulumi.azure.cdn.kotlin.inputs.FrontdoorFirewallPolicyCustomRuleArgsBuilder
import com.pulumi.azure.cdn.kotlin.inputs.FrontdoorFirewallPolicyManagedRuleArgs
import com.pulumi.azure.cdn.kotlin.inputs.FrontdoorFirewallPolicyManagedRuleArgsBuilder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Int
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* Manages a Front Door (standard/premium) Firewall Policy instance.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const example = new azure.core.ResourceGroup("example", {
* name: "example-cdn-frontdoor",
* location: "West Europe",
* });
* const exampleFrontdoorProfile = new azure.cdn.FrontdoorProfile("example", {
* name: "example-profile",
* resourceGroupName: example.name,
* skuName: "Premium_AzureFrontDoor",
* });
* const exampleFrontdoorFirewallPolicy = new azure.cdn.FrontdoorFirewallPolicy("example", {
* name: "examplecdnfdwafpolicy",
* resourceGroupName: example.name,
* skuName: exampleFrontdoorProfile.skuName,
* enabled: true,
* mode: "Prevention",
* redirectUrl: "https://www.contoso.com",
* customBlockResponseStatusCode: 403,
* customBlockResponseBody: "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
* customRules: [
* {
* name: "Rule1",
* enabled: true,
* priority: 1,
* rateLimitDurationInMinutes: 1,
* rateLimitThreshold: 10,
* type: "MatchRule",
* action: "Block",
* matchConditions: [{
* matchVariable: "RemoteAddr",
* operator: "IPMatch",
* negationCondition: false,
* matchValues: [
* "10.0.1.0/24",
* "10.0.0.0/24",
* ],
* }],
* },
* {
* name: "Rule2",
* enabled: true,
* priority: 2,
* rateLimitDurationInMinutes: 1,
* rateLimitThreshold: 10,
* type: "MatchRule",
* action: "Block",
* matchConditions: [
* {
* matchVariable: "RemoteAddr",
* operator: "IPMatch",
* negationCondition: false,
* matchValues: ["192.168.1.0/24"],
* },
* {
* matchVariable: "RequestHeader",
* selector: "UserAgent",
* operator: "Contains",
* negationCondition: false,
* matchValues: ["windows"],
* transforms: [
* "Lowercase",
* "Trim",
* ],
* },
* ],
* },
* ],
* managedRules: [
* {
* type: "DefaultRuleSet",
* version: "1.0",
* exclusions: [{
* matchVariable: "QueryStringArgNames",
* operator: "Equals",
* selector: "not_suspicious",
* }],
* overrides: [
* {
* ruleGroupName: "PHP",
* rules: [{
* ruleId: "933100",
* enabled: false,
* action: "Block",
* }],
* },
* {
* ruleGroupName: "SQLI",
* exclusions: [{
* matchVariable: "QueryStringArgNames",
* operator: "Equals",
* selector: "really_not_suspicious",
* }],
* rules: [{
* ruleId: "942200",
* action: "Block",
* exclusions: [{
* matchVariable: "QueryStringArgNames",
* operator: "Equals",
* selector: "innocent",
* }],
* }],
* },
* ],
* },
* {
* type: "Microsoft_BotManagerRuleSet",
* version: "1.0",
* action: "Log",
* },
* ],
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* example = azure.core.ResourceGroup("example",
* name="example-cdn-frontdoor",
* location="West Europe")
* example_frontdoor_profile = azure.cdn.FrontdoorProfile("example",
* name="example-profile",
* resource_group_name=example.name,
* sku_name="Premium_AzureFrontDoor")
* example_frontdoor_firewall_policy = azure.cdn.FrontdoorFirewallPolicy("example",
* name="examplecdnfdwafpolicy",
* resource_group_name=example.name,
* sku_name=example_frontdoor_profile.sku_name,
* enabled=True,
* mode="Prevention",
* redirect_url="https://www.contoso.com",
* custom_block_response_status_code=403,
* custom_block_response_body="PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
* custom_rules=[
* azure.cdn.FrontdoorFirewallPolicyCustomRuleArgs(
* name="Rule1",
* enabled=True,
* priority=1,
* rate_limit_duration_in_minutes=1,
* rate_limit_threshold=10,
* type="MatchRule",
* action="Block",
* match_conditions=[azure.cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs(
* match_variable="RemoteAddr",
* operator="IPMatch",
* negation_condition=False,
* match_values=[
* "10.0.1.0/24",
* "10.0.0.0/24",
* ],
* )],
* ),
* azure.cdn.FrontdoorFirewallPolicyCustomRuleArgs(
* name="Rule2",
* enabled=True,
* priority=2,
* rate_limit_duration_in_minutes=1,
* rate_limit_threshold=10,
* type="MatchRule",
* action="Block",
* match_conditions=[
* azure.cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs(
* match_variable="RemoteAddr",
* operator="IPMatch",
* negation_condition=False,
* match_values=["192.168.1.0/24"],
* ),
* azure.cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs(
* match_variable="RequestHeader",
* selector="UserAgent",
* operator="Contains",
* negation_condition=False,
* match_values=["windows"],
* transforms=[
* "Lowercase",
* "Trim",
* ],
* ),
* ],
* ),
* ],
* managed_rules=[
* azure.cdn.FrontdoorFirewallPolicyManagedRuleArgs(
* type="DefaultRuleSet",
* version="1.0",
* exclusions=[azure.cdn.FrontdoorFirewallPolicyManagedRuleExclusionArgs(
* match_variable="QueryStringArgNames",
* operator="Equals",
* selector="not_suspicious",
* )],
* overrides=[
* azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs(
* rule_group_name="PHP",
* rules=[azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs(
* rule_id="933100",
* enabled=False,
* action="Block",
* )],
* ),
* azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs(
* rule_group_name="SQLI",
* exclusions=[azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs(
* match_variable="QueryStringArgNames",
* operator="Equals",
* selector="really_not_suspicious",
* )],
* rules=[azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs(
* rule_id="942200",
* action="Block",
* exclusions=[azure.cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs(
* match_variable="QueryStringArgNames",
* operator="Equals",
* selector="innocent",
* )],
* )],
* ),
* ],
* ),
* azure.cdn.FrontdoorFirewallPolicyManagedRuleArgs(
* type="Microsoft_BotManagerRuleSet",
* version="1.0",
* action="Log",
* ),
* ])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var example = new Azure.Core.ResourceGroup("example", new()
* {
* Name = "example-cdn-frontdoor",
* Location = "West Europe",
* });
* var exampleFrontdoorProfile = new Azure.Cdn.FrontdoorProfile("example", new()
* {
* Name = "example-profile",
* ResourceGroupName = example.Name,
* SkuName = "Premium_AzureFrontDoor",
* });
* var exampleFrontdoorFirewallPolicy = new Azure.Cdn.FrontdoorFirewallPolicy("example", new()
* {
* Name = "examplecdnfdwafpolicy",
* ResourceGroupName = example.Name,
* SkuName = exampleFrontdoorProfile.SkuName,
* Enabled = true,
* Mode = "Prevention",
* RedirectUrl = "https://www.contoso.com",
* CustomBlockResponseStatusCode = 403,
* CustomBlockResponseBody = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==",
* CustomRules = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
* {
* Name = "Rule1",
* Enabled = true,
* Priority = 1,
* RateLimitDurationInMinutes = 1,
* RateLimitThreshold = 10,
* Type = "MatchRule",
* Action = "Block",
* MatchConditions = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
* {
* MatchVariable = "RemoteAddr",
* Operator = "IPMatch",
* NegationCondition = false,
* MatchValues = new[]
* {
* "10.0.1.0/24",
* "10.0.0.0/24",
* },
* },
* },
* },
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleArgs
* {
* Name = "Rule2",
* Enabled = true,
* Priority = 2,
* RateLimitDurationInMinutes = 1,
* RateLimitThreshold = 10,
* Type = "MatchRule",
* Action = "Block",
* MatchConditions = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
* {
* MatchVariable = "RemoteAddr",
* Operator = "IPMatch",
* NegationCondition = false,
* MatchValues = new[]
* {
* "192.168.1.0/24",
* },
* },
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs
* {
* MatchVariable = "RequestHeader",
* Selector = "UserAgent",
* Operator = "Contains",
* NegationCondition = false,
* MatchValues = new[]
* {
* "windows",
* },
* Transforms = new[]
* {
* "Lowercase",
* "Trim",
* },
* },
* },
* },
* },
* ManagedRules = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
* {
* Type = "DefaultRuleSet",
* Version = "1.0",
* Exclusions = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleExclusionArgs
* {
* MatchVariable = "QueryStringArgNames",
* Operator = "Equals",
* Selector = "not_suspicious",
* },
* },
* Overrides = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
* {
* RuleGroupName = "PHP",
* Rules = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
* {
* RuleId = "933100",
* Enabled = false,
* Action = "Block",
* },
* },
* },
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideArgs
* {
* RuleGroupName = "SQLI",
* Exclusions = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs
* {
* MatchVariable = "QueryStringArgNames",
* Operator = "Equals",
* Selector = "really_not_suspicious",
* },
* },
* Rules = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs
* {
* RuleId = "942200",
* Action = "Block",
* Exclusions = new[]
* {
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs
* {
* MatchVariable = "QueryStringArgNames",
* Operator = "Equals",
* Selector = "innocent",
* },
* },
* },
* },
* },
* },
* },
* new Azure.Cdn.Inputs.FrontdoorFirewallPolicyManagedRuleArgs
* {
* Type = "Microsoft_BotManagerRuleSet",
* Version = "1.0",
* Action = "Log",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/cdn"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
* Name: pulumi.String("example-cdn-frontdoor"),
* Location: pulumi.String("West Europe"),
* })
* if err != nil {
* return err
* }
* exampleFrontdoorProfile, err := cdn.NewFrontdoorProfile(ctx, "example", &cdn.FrontdoorProfileArgs{
* Name: pulumi.String("example-profile"),
* ResourceGroupName: example.Name,
* SkuName: pulumi.String("Premium_AzureFrontDoor"),
* })
* if err != nil {
* return err
* }
* _, err = cdn.NewFrontdoorFirewallPolicy(ctx, "example", &cdn.FrontdoorFirewallPolicyArgs{
* Name: pulumi.String("examplecdnfdwafpolicy"),
* ResourceGroupName: example.Name,
* SkuName: exampleFrontdoorProfile.SkuName,
* Enabled: pulumi.Bool(true),
* Mode: pulumi.String("Prevention"),
* RedirectUrl: pulumi.String("https://www.contoso.com"),
* CustomBlockResponseStatusCode: pulumi.Int(403),
* CustomBlockResponseBody: pulumi.String("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="),
* CustomRules: cdn.FrontdoorFirewallPolicyCustomRuleArray{
* &cdn.FrontdoorFirewallPolicyCustomRuleArgs{
* Name: pulumi.String("Rule1"),
* Enabled: pulumi.Bool(true),
* Priority: pulumi.Int(1),
* RateLimitDurationInMinutes: pulumi.Int(1),
* RateLimitThreshold: pulumi.Int(10),
* Type: pulumi.String("MatchRule"),
* Action: pulumi.String("Block"),
* MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
* &cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
* MatchVariable: pulumi.String("RemoteAddr"),
* Operator: pulumi.String("IPMatch"),
* NegationCondition: pulumi.Bool(false),
* MatchValues: pulumi.StringArray{
* pulumi.String("10.0.1.0/24"),
* pulumi.String("10.0.0.0/24"),
* },
* },
* },
* },
* &cdn.FrontdoorFirewallPolicyCustomRuleArgs{
* Name: pulumi.String("Rule2"),
* Enabled: pulumi.Bool(true),
* Priority: pulumi.Int(2),
* RateLimitDurationInMinutes: pulumi.Int(1),
* RateLimitThreshold: pulumi.Int(10),
* Type: pulumi.String("MatchRule"),
* Action: pulumi.String("Block"),
* MatchConditions: cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArray{
* &cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
* MatchVariable: pulumi.String("RemoteAddr"),
* Operator: pulumi.String("IPMatch"),
* NegationCondition: pulumi.Bool(false),
* MatchValues: pulumi.StringArray{
* pulumi.String("192.168.1.0/24"),
* },
* },
* &cdn.FrontdoorFirewallPolicyCustomRuleMatchConditionArgs{
* MatchVariable: pulumi.String("RequestHeader"),
* Selector: pulumi.String("UserAgent"),
* Operator: pulumi.String("Contains"),
* NegationCondition: pulumi.Bool(false),
* MatchValues: pulumi.StringArray{
* pulumi.String("windows"),
* },
* Transforms: pulumi.StringArray{
* pulumi.String("Lowercase"),
* pulumi.String("Trim"),
* },
* },
* },
* },
* },
* ManagedRules: cdn.FrontdoorFirewallPolicyManagedRuleArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleArgs{
* Type: pulumi.String("DefaultRuleSet"),
* Version: pulumi.String("1.0"),
* Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleExclusionArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleExclusionArgs{
* MatchVariable: pulumi.String("QueryStringArgNames"),
* Operator: pulumi.String("Equals"),
* Selector: pulumi.String("not_suspicious"),
* },
* },
* Overrides: cdn.FrontdoorFirewallPolicyManagedRuleOverrideArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
* RuleGroupName: pulumi.String("PHP"),
* Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
* RuleId: pulumi.String("933100"),
* Enabled: pulumi.Bool(false),
* Action: pulumi.String("Block"),
* },
* },
* },
* &cdn.FrontdoorFirewallPolicyManagedRuleOverrideArgs{
* RuleGroupName: pulumi.String("SQLI"),
* Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs{
* MatchVariable: pulumi.String("QueryStringArgNames"),
* Operator: pulumi.String("Equals"),
* Selector: pulumi.String("really_not_suspicious"),
* },
* },
* Rules: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs{
* RuleId: pulumi.String("942200"),
* Action: pulumi.String("Block"),
* Exclusions: cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArray{
* &cdn.FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs{
* MatchVariable: pulumi.String("QueryStringArgNames"),
* Operator: pulumi.String("Equals"),
* Selector: pulumi.String("innocent"),
* },
* },
* },
* },
* },
* },
* },
* &cdn.FrontdoorFirewallPolicyManagedRuleArgs{
* Type: pulumi.String("Microsoft_BotManagerRuleSet"),
* Version: pulumi.String("1.0"),
* Action: pulumi.String("Log"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.cdn.FrontdoorProfile;
* import com.pulumi.azure.cdn.FrontdoorProfileArgs;
* import com.pulumi.azure.cdn.FrontdoorFirewallPolicy;
* import com.pulumi.azure.cdn.FrontdoorFirewallPolicyArgs;
* import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyCustomRuleArgs;
* import com.pulumi.azure.cdn.inputs.FrontdoorFirewallPolicyManagedRuleArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new ResourceGroup("example", ResourceGroupArgs.builder()
* .name("example-cdn-frontdoor")
* .location("West Europe")
* .build());
* var exampleFrontdoorProfile = new FrontdoorProfile("exampleFrontdoorProfile", FrontdoorProfileArgs.builder()
* .name("example-profile")
* .resourceGroupName(example.name())
* .skuName("Premium_AzureFrontDoor")
* .build());
* var exampleFrontdoorFirewallPolicy = new FrontdoorFirewallPolicy("exampleFrontdoorFirewallPolicy", FrontdoorFirewallPolicyArgs.builder()
* .name("examplecdnfdwafpolicy")
* .resourceGroupName(example.name())
* .skuName(exampleFrontdoorProfile.skuName())
* .enabled(true)
* .mode("Prevention")
* .redirectUrl("https://www.contoso.com")
* .customBlockResponseStatusCode(403)
* .customBlockResponseBody("PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==")
* .customRules(
* FrontdoorFirewallPolicyCustomRuleArgs.builder()
* .name("Rule1")
* .enabled(true)
* .priority(1)
* .rateLimitDurationInMinutes(1)
* .rateLimitThreshold(10)
* .type("MatchRule")
* .action("Block")
* .matchConditions(FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
* .matchVariable("RemoteAddr")
* .operator("IPMatch")
* .negationCondition(false)
* .matchValues(
* "10.0.1.0/24",
* "10.0.0.0/24")
* .build())
* .build(),
* FrontdoorFirewallPolicyCustomRuleArgs.builder()
* .name("Rule2")
* .enabled(true)
* .priority(2)
* .rateLimitDurationInMinutes(1)
* .rateLimitThreshold(10)
* .type("MatchRule")
* .action("Block")
* .matchConditions(
* FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
* .matchVariable("RemoteAddr")
* .operator("IPMatch")
* .negationCondition(false)
* .matchValues("192.168.1.0/24")
* .build(),
* FrontdoorFirewallPolicyCustomRuleMatchConditionArgs.builder()
* .matchVariable("RequestHeader")
* .selector("UserAgent")
* .operator("Contains")
* .negationCondition(false)
* .matchValues("windows")
* .transforms(
* "Lowercase",
* "Trim")
* .build())
* .build())
* .managedRules(
* FrontdoorFirewallPolicyManagedRuleArgs.builder()
* .type("DefaultRuleSet")
* .version("1.0")
* .exclusions(FrontdoorFirewallPolicyManagedRuleExclusionArgs.builder()
* .matchVariable("QueryStringArgNames")
* .operator("Equals")
* .selector("not_suspicious")
* .build())
* .overrides(
* FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
* .ruleGroupName("PHP")
* .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
* .ruleId("933100")
* .enabled(false)
* .action("Block")
* .build())
* .build(),
* FrontdoorFirewallPolicyManagedRuleOverrideArgs.builder()
* .ruleGroupName("SQLI")
* .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideExclusionArgs.builder()
* .matchVariable("QueryStringArgNames")
* .operator("Equals")
* .selector("really_not_suspicious")
* .build())
* .rules(FrontdoorFirewallPolicyManagedRuleOverrideRuleArgs.builder()
* .ruleId("942200")
* .action("Block")
* .exclusions(FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusionArgs.builder()
* .matchVariable("QueryStringArgNames")
* .operator("Equals")
* .selector("innocent")
* .build())
* .build())
* .build())
* .build(),
* FrontdoorFirewallPolicyManagedRuleArgs.builder()
* .type("Microsoft_BotManagerRuleSet")
* .version("1.0")
* .action("Log")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: azure:core:ResourceGroup
* properties:
* name: example-cdn-frontdoor
* location: West Europe
* exampleFrontdoorProfile:
* type: azure:cdn:FrontdoorProfile
* name: example
* properties:
* name: example-profile
* resourceGroupName: ${example.name}
* skuName: Premium_AzureFrontDoor
* exampleFrontdoorFirewallPolicy:
* type: azure:cdn:FrontdoorFirewallPolicy
* name: example
* properties:
* name: examplecdnfdwafpolicy
* resourceGroupName: ${example.name}
* skuName: ${exampleFrontdoorProfile.skuName}
* enabled: true
* mode: Prevention
* redirectUrl: https://www.contoso.com
* customBlockResponseStatusCode: 403
* customBlockResponseBody: PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==
* customRules:
* - name: Rule1
* enabled: true
* priority: 1
* rateLimitDurationInMinutes: 1
* rateLimitThreshold: 10
* type: MatchRule
* action: Block
* matchConditions:
* - matchVariable: RemoteAddr
* operator: IPMatch
* negationCondition: false
* matchValues:
* - 10.0.1.0/24
* - 10.0.0.0/24
* - name: Rule2
* enabled: true
* priority: 2
* rateLimitDurationInMinutes: 1
* rateLimitThreshold: 10
* type: MatchRule
* action: Block
* matchConditions:
* - matchVariable: RemoteAddr
* operator: IPMatch
* negationCondition: false
* matchValues:
* - 192.168.1.0/24
* - matchVariable: RequestHeader
* selector: UserAgent
* operator: Contains
* negationCondition: false
* matchValues:
* - windows
* transforms:
* - Lowercase
* - Trim
* managedRules:
* - type: DefaultRuleSet
* version: '1.0'
* exclusions:
* - matchVariable: QueryStringArgNames
* operator: Equals
* selector: not_suspicious
* overrides:
* - ruleGroupName: PHP
* rules:
* - ruleId: '933100'
* enabled: false
* action: Block
* - ruleGroupName: SQLI
* exclusions:
* - matchVariable: QueryStringArgNames
* operator: Equals
* selector: really_not_suspicious
* rules:
* - ruleId: '942200'
* action: Block
* exclusions:
* - matchVariable: QueryStringArgNames
* operator: Equals
* selector: innocent
* - type: Microsoft_BotManagerRuleSet
* version: '1.0'
* action: Log
* ```
*
* ## Import
* Front Door Firewall Policies can be imported using the `resource id`, e.g.
* ```sh
* $ pulumi import azure:cdn/frontdoorFirewallPolicy:FrontdoorFirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/firewallPolicy1
* ```
* @property customBlockResponseBody If a `custom_rule` block's action type is `block`, this is the response body. The body must be specified in base64 encoding.
* @property customBlockResponseStatusCode If a `custom_rule` block's action type is `block`, this is the response status code. Possible values are `200`, `403`, `405`, `406`, or `429`.
* @property customRules One or more `custom_rule` blocks as defined below.
* @property enabled Is the Front Door Firewall Policy enabled? Defaults to `true`.
* @property managedRules One or more `managed_rule` blocks as defined below.
* @property mode The Front Door Firewall Policy mode. Possible values are `Detection`, `Prevention`.
* @property name The name of the policy. Changing this forces a new resource to be created.
* @property redirectUrl If action type is redirect, this field represents redirect URL for the client.
* @property requestBodyCheckEnabled Should policy managed rules inspect the request body content? Defaults to `true`.
* > **NOTE:** When run in `Detection` mode, the Front Door Firewall Policy doesn't take any other actions other than monitoring and logging the request and its matched Front Door Rule to the Web Application Firewall logs.
* @property resourceGroupName The name of the resource group. Changing this forces a new resource to be created.
* @property skuName The sku's pricing tier for this Front Door Firewall Policy. Possible values include `Standard_AzureFrontDoor` or `Premium_AzureFrontDoor`. Changing this forces a new resource to be created.
* > **NOTE:** The `Standard_AzureFrontDoor` Front Door Firewall Policy sku may contain `custom` rules only. The `Premium_AzureFrontDoor` Front Door Firewall Policy skus may contain both `custom` and `managed` rules.
* @property tags A mapping of tags to assign to the Front Door Firewall Policy.
*/
public data class FrontdoorFirewallPolicyArgs(
public val customBlockResponseBody: Output? = null,
public val customBlockResponseStatusCode: Output? = null,
public val customRules: Output>? = null,
public val enabled: Output? = null,
public val managedRules: Output>? = null,
public val mode: Output? = null,
public val name: Output? = null,
public val redirectUrl: Output? = null,
public val requestBodyCheckEnabled: Output? = null,
public val resourceGroupName: Output? = null,
public val skuName: Output? = null,
public val tags: Output
© 2015 - 2025 Weber Informatics LLC | Privacy Policy